I have never heard of Wire, I will check it out. Looks interesting on first glance. One thing from the marketing page stood out to me:

> Organizations can set up customized alerts, bypassing silent mode on all devices, and trigger responses for crisis teams.

Not a knock against Wire, I guess this is just where we are as a society, but I am not a fan of this whatsoever. I would refuse my company access to do this on my personal device. Mail me a pager, I'll turn it on when I'm up.



> I have never heard of Wire, I will check it out. Looks interesting on first glance.

It's basically Signal but without the popularity, despite predating it. Why Signal took off and Wire stagnated, I am not sure. The network effect is one part of it, probably caused by Moxie being popular in the community, but another part is that Wire does not seem to care as much about doing cool stuff like private contact discovery that Signal put some real R&D into (and no other service (Threema/Wire/etc.) even bothered to copy, let alone build upon).

Main differences:

- Signal is better with metadata

- Wire needs no phone number

- Wire treats devices equivalently. If you want two phones, that's fine (Signal supports only 1 mobile device and N slave desktop devices; can't have desktop without mobile or more than one mobile) and is mostly feature-complete on each platform (Signal misses e.g. gifs on desktop)

- Signal's apps are a bit more polished than Wire's, slightly better UX

- Now that Signal has been gaining popularity and Wire, um, not as far as I can tell, Wire seems to be focusing more on corporate use. But it's still possible to register free accounts: https://app.wire.com/auth/?hl=en#createaccount

- I think Wire has a bots system that Signal does not (and is generally more open to integrations), but I could be wrong here


I've been using it for a number of years now. I have a few groups of family and friends with persistent group chats we have perpetually running on Wire.

The fact that you can make a Wire account with no phone number needed is a great benefit in my opinion.

I find Wire's handling of media (embedded YouTube, Spotify, gifs) to be better than Signal's, which was a key point to win over my family members. I think some secure messengers overlook this. Us "privacy people" want strong encryption and all, but good luck getting spouses and grandparents using it if it's no fun.

Wire was pretty flakey in the early days I feel, and I'd have to "jiggle" the client a lot to sometimes get messages to send. Fortunately that seems to have been ironed out, and I haven't had any issues in quite a long time.

It is odd to me that it hasn't taken off more, especially as it was started by one of Skype's founders. But alas.

I do like (and use) Signal as well, but I'm always glad to see mention of Wire on here.


Similar here. Just an hour ago I had to jiggle Signal to send a message, their implementation is super wonky compared to whatever Wire, Telegram, Threema, etc. uses and it'll often not work for hours. There is also zero indication on when it works and when it's broken, to find out I have to send a test message in a group with only me in it, and then delete that six times if I want to clean it up (2 removals on 3 devices: long tap, remove, yes I'm sure, get a placeholder "this message was removed", long tap, remove that placeholder).

Wire is a much better experience in that sense and has more features. But then those features each work just a little less well than they do on Signal. With the recently rolled-out conference calling they seem to have resolved one of the worst bugs: until a few months ago we'd often have one person not be able to hear another on a group call, while everyone else could hear them. Never had that problem on Signal. Or on iOS (unfortunately have to use that for work) it used to work fine, until an iOS update 2 years ago since which I have to open Wire (and leave it open) for it to download messages, which takes 5 minutes for 250 messages and in the meantime you just can't really use it. Notifications work, but it doesn't seem to download the contents. Signal updates fine on that iOS device, but then yeah on Android I have this other Signal connectivity issue so...

pros and cons, pros and cons

Overall though, compared to Signal, Wire is hugely underrated. It's just as good, if not better, but it just gets zero network effect. People are all on facebook's chat apps, and only if you're lucky Telegram and/or Signal, but Wire? Threema? Matrix?! Forget it :/. My family is now on Signal, I chose it for the network effect (so it would not be for only me, they would hopefully see more benefits than just talking to me), but it was quite a tough choice between mediocre choices after they were on Telegram for a while.


It's also Signal without the security model. Wire maintains a serverside, plaintext directory of who's talking to who. It's part of the whole premise of Signal not to do this.

That doesn't make Wire bad, it just makes it suitable for a different set of applications.


> It's also Signal without the security model. Wire maintains a serverside, plaintext directory of who's talking to who. It's part of the whole premise of Signal not to do this.

Signal also permanently keeps users' information in the cloud including a list of the people they talk to. It's not stored in plain text, but it's there. I don't find Signal to be trustworthy at this point so for people looking for secure communication I recommend Jami, but it lacks polish.


You can just look at how Signal has responded to court orders for information, and the FBI's documentation for what it can obtain from different providers. Through legal process (or, because Wire is hosted overseas, without it, using CNE), the FBI can obtain the entire Wire social graph.


> You can just look at how Signal has responded to court orders for information,

Signal is very proud that once a long time ago the state came to them asking for user data and Signal could only tell them they had no data to provide. That has changed. Signal now collects and stores exactly the data they were being asked to hand over. It's not clear at all that your data with Signal is protected. Security concerns were brought up repeatedly and were ignored (see for example https://community.signalusers.org/t/proper-secure-value-secu...)

Signal still brags about "that one time we had nothing to hand over" though. They still have a page on their website talking about it. They've never updated their privacy policy to reflect that they are collecting and storing sensitive user data either. Not a good look for a company you're supposed to trust with secure communications.


Your comments sound pretty damning and got me curious if there was some conspiracy I didn't yet know about, but then I click to the source and it turns out that this is not a silent change to upload more data without users knowing anything, it's an announced feature to (afaik optionally) back up this data to Signal's servers, protected with a PIN. It may not be obvious to my mother, sure, but it's also not exactly rocket science that 4 digits will not be secure under any offline-attackable circumstances. (For that they add SGX which seems broken so that is moot.)

On the other hand, it's not exactly hard to find out who's talking to whom if the server owners want to (or are forced to). Traffic analysis without onion routing is trivial at least in theory, so tptacek isn't quite correct either that Signal does not allow any sort of social graph obtaining. Sealed sender helps a little, but is not a solid thing to rely on if you're the kind of target for whom they would even bother submitting a subpoena. Wire also doesn't keep a list of who's in a group with whom (your client handles that) so there, too, you have to do traffic analysis to find these relations -- just an easier form than you would have to do if Wire would have had sealed sender.

Hence I consider it all about equal, with a small asterisk for Signal that they try really hard to make it as good as possible (compared to Wire doing just the now-regular end-to-end encryption).


It was an "announced" change but in a very confusing manner that caused a lot of problems and misunderstandings. My view on this failure in clear communication is summed up well by this guy (the entire post/comment section is worth a look though, it illustrates the confusion very well):

https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

The folks at community.signalusers.org caught on before it was even implemented, but most people had no idea why Signal was suddenly asking them for a PIN and no idea what data was being collected when they gave it one, and no idea the data collection would still happen if they opted out.

Just look at this recent thread and how very very wrong so many people still are (confidently even):

https://old.reddit.com/r/signal/comments/q5tlg1/what_info_do...

The terrible communication, followed by the fact that their privacy policy was never updated (the very first sentence of which is an outright lie) are huge red flags. The nature of Signal makes it a valuable target. While I can't rule out simple incompetence, if Signal has been handed a national security letter with a gag order and the state is on site collecting users' data Room 641A style, this kind of behavior could be explained as them telling their users not to trust them as loudly as they could. Wire would seem more trustworthy in that sense.

Ultimately though, the fact remains that the best way to keep your users' data safe is to never collect it in the first place. Signal could have given people an option to opt out of the data collection like many in the community had been asking them to and none of this would have been an issue. Since there are other apps that don't collect and store your name, photo, and lists of everyone you've been talking to I'd rather just stick to recommending those. I'll admit to still feeling a bit bitter about Signal though because I was a fan and the alternatives I've found aren't nearly as nice to use.


> Signal is very proud that once a long time ago the state came to them asking for user data and Signal could only tell them they had no data to provide.

Have you looked at https://signal.org/bigbrother/ recently? There are five instances of this, one as recent as November 2021.


Signal has the data being requested but they'd have to brute force a user's pin or use an exploit to get to it. Routine requests aren't going to compel them to take those actions and national security letters aren't going to be published on their website.


"CNE" is a fancy word for "exploits" that I had to look up, for anyone else not in the know of this specific terminology...

And yeah this is a blanket statement you can use for any application: nation states can get at your data using "CNE" regardless of what app you're talking about, presuming there always exists an "E" for your client (which is indeed a fairly safe assumption with these featureful OSes and apps). Not sure why you're applying this argument to Wire but not Signal.


Because Signal's design doesn't ask you to trust the server the way Wire's does, of course.


"of course" thank you, yes this is really very obvious. As if Signal can't see whom I'm talking to if they wanted to. Yes, their marketing material says as much (and they genuinely try to make it hard for themselves), but you're not the kind of person who swallows those blog posts without thinking of the ways you would attack it. In both cases we trust the server not to snoop on our metadata.


No, we do not trust Wire to do that, and your evidence for that is that the service not only uses but requires a serverside SQL database of this information in order to function.

I'm being terse because I'm not super interested in relitigating this on this thread. Signal and Wire have different use cases. Wire isn't evil, it's just not the same product Signal is. There are people closer to Signal's engineering who can pick up the particulars if they think it's important to shoot down anything anybody else said here.


The above discusses the marketed features, but essential to security is the implementation. Based on what I understand from people with actual IT security expertise (I have IT expertise, but not specifically in security), Signal is on a different level than the others, and really the only option if you want real security (depending, of course, on your needs).


> The above discusses the marketed features

The above discusses what I notice in practical terms.

As a privacy nut, I want to use an encrypted messenger for my friends and family so I dove into the privacy aspect pretty deep. I work in security so I also understand the technical details. I also use Wire, Signal, Telegram, and Matrix/Element on a daily basis (and Threema ~weekly) so I know which practical pros and cons I run into for each of them.

> what I understand from people with actual IT security expertise

That would be me. Wire is solid. It's based on the same protocol as Signal and my employer (shortly before I started working there) audited the implementations and applications so I know the people that did this audit, and was later involved in a small architecture review as well. The reports are also open and available on the website of my employer as well as Wire's.

Signal goes one step further and does innovative stuff like sealed sender and private contact discovery, but this does not impact the security of your messages or calls. It has more to do with privacy, aka how much Signal is able to do with your metadata. All of the measures they implemented can be broken if they wanted to (SGX vulns, traffic analysis, ...), so I am hesitant to consider it a solid advantage, but it's now harder to get your metadata so it's still worth something.

On the other hand, there are the advantages (and disadvantages) I mentioned above. It's a trade-off and there's something to be said for each.

(Of course I speak for myself and my employer may have a different opinion yada yada)

> [Signal is] really the only option if you want real security

That's not really true as a strong blanket statement.

For message/call integrity and confidentiality: Wire and Signal are basically the same, because they use the same base protocol.

If you (also) mean privacy, then... it depends:

- Threema operates (app and infra) in a country with better privacy laws, and Cure53 audited them recently so their protocol should also be good. I'd go with them if I wanted the best privacy on a centralized service, though you don't get some of the fancier protocol features like plausible deniability (not that that's worth much, but it's nicer to have than not to have)

- Signal does innovative stuff but requires a phone number (in my country that's linked to a government-issued identity)

- Wire has infrastructure in the USA (big downside imo, I don't understand this choice) but their legal entity is iirc in Germany (which I would consider a similar jurisdiction as Threema's (Switzerland)) so that's still better than Signal in terms of coercion to hand over anything

- Keybase has none of these advantages but still many people choose it for their integrations

- Matrix-the-service I don't remember, but with federation it's fairly trivial to use your own home server so you're fully in control. This is obviously the best option, even if you'd not use e2ee and just encrypt-to-your-server because it's your server which can be in your house.

Pick your poison on that front, or go decentralized.

The aspect I cannot really speak to is exploitability, like how hard it would be to find an exploit that works on one of these apps. Best would be to have one that just shows plain text messages and doesn't do image parsing, video displaying, link resolving, peer to peer calling, etc. That is exactly none of the above and I assume that all of the above rely on system libraries for media/emoji/etc. parsing, so it should be about equal, but I don't know that for a fact.


> For message/call integrity and confidentiality: Wire and Signal are basically the same, because they use the same base protocol.

This statement is surprising to read. The protocol is only necessary; the implementation is the critical piece. Many apps use the protocol developed by Signal, including WhatsApp afaik. Insecurely implemented protocols are the most common threat.

> All of the measures they implemented can be broken if they wanted to (SGX vulns, traffic analysis, ...)

Also a bit hard to understand from a professional perspective. All measures implemented by anyone can be broken with enough resources, or at least that must be assumed.

> SGX vulns

As I understand it: SGX (on Signal's servers) is only used if you use certain features (i.e., you can choose not to use it), and the key stored there only adds to the security of your own password. If you use a secure enough password, the key in SGX won't matter. It's for users who choose weak local passwords; Signal adds a key locally that strengthens the local password, but needs to make it available to users who lose their old phone and want to recover their data (and similar scenarios).

https://signal.org/blog/secure-value-recovery/


> - Signal is better with metadata

Can you elaborate on that please?

Been using both Signal and Wire for a long time. Thought they both use the same e2e tech underneath. The only difference is Signal is more tied to a smartphone device and phone number, whereas with Wire I can download my chat history onto a USB.


That convenience has to be let go when working on operations-critical services. This feature is an absolute necessity in a lot of cases, and of course employees can complain, but not resolving certain issues urgently can mean that an entire hospital's system stays inaccessible overnight, or worse.


Missed the point. If that operation is so critical, give me a workplace owned device to deal with it. My employer is not getting superuser access to my personal devices.


They do not need super-user permissions. That would imply that the phone has to be rooted. Overcoming certain settings that apply to regular apps? Sure. But that's a very Android/iOS-specific feature set that is exposed to all app developers.


They need superuser on Android? On iOS I just give permission for an app to send critical alerts. It's a hard requirement for apps like PagerDuty.


They do not need superuser, they can just request the permission to bypass DND. I believe apps can't tell if you gave them the permission or not, so there is no way to "force" users into this.


This sounds like a feature that spawned from good intentions, but it's obvious in what ways this would get abused once you scale up the amount of Wire users.


> Mail me a pager, I'll turn it on when I'm up.

What's the point of hiring someone to be on call, if they refuse to be on call?


IMO things change quite a bit if you're actually being paid to be on call


> What's the point of hiring someone to be on call, if they refuse to be on call?

Indeed. I've walked out of interviews over this. The list of things that are actually that critical is incredibly small.


You quoted me saying I'd be on call ... ?



